[SLING-9770] XSS API encodeForCSSString should sometimes leave the '>' character alone - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: XSS Protection API 2.2.6
Fix Version/s: None
Component/s: XSS Protection API
Labels:
None

Description

while

xssApi.encodeForCSSString should righteously encode "JavaScrIpt some text>" into "JavaScrIpt some text
3e"it should leave ".foo > .bar { some rule }" alone as changing here the '>' character will break the CSS

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Nicolas Peltier

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 26/Sep/20 17:02

Updated:: 26/Sep/20 17:02